ssh with tcp_wrappers!! contd/-

debu debajit_kataki at rediffmail.com
Fri Feb 23 18:23:49 EST 2007


  
Hi All,

Thanks a lot for such a huge response, of course typing mistake, i was using DenyHost not DenyGhost; as suggested by david and others i did this,
1) Login, as root, to my Linux system containing the sshd server.
2) Edited the file, /etc/hosts.deny
3) Added the following:
$ sshd: 127.0.0.1
4) Attempt to connect to the local sshd server:
$ ssh localhost
It conected, Also, ldd /usr/sbin/sshd did not list libwrap.so ; hence its confirmed that my ssh is a simple rpm shootout.


Now, what next? i am not willing to compile openssh package is there any way out via rpm installation. Its a RHEL 3 box..


Thanks
D e b u

On Sat, 24 Feb 2007 David Bear wrote :
>On Fri, Feb 23, 2007 at 07:08:53PM +0000, John O'Loughlin wrote:
> >
> >
> > Well, i was trying to configure DenyGhost
>
>There is DenyUsers and DenyGroups that is part of sshd_config.
>
>If you to deny hosts using tcp wrappers go into to etc/hosts.allow and
>add
>
>sshd: 127.0.0.1
>
>Then save it.
>
>Then try to ssh to localhost. That will tell you definitively whether
>your sshd is compiled with tcp wrappers. I'd be very surprised if it
>were not. Both Suse and RHEL that I use have sshd compiled with
>wrappers.
>
>BTW, I don'y know if you really mean DenyGhost instead of DenyHost. I
>lost track of this thread a while back. If its already been said,
>apologies for duplication.
>
> >
> > If there's somethin' weird And it don't look good Who ya gonna call?...
> >
> > John
> >
> >
> >
> >
> > Any suggetsion?
> >
> >
> > On Fri, 23 Feb 2007 Bliss,Aaron wrote :
> > >Debu,
> > >Iptables might be an alternative for you if you don't' want to compile
> > >ssh; it should be able to do most if not all things tcp wrappers can
> > >do...
> > >
> > >Aaron
> > >
> > >-----Original Message-----
> > >From: redhat-list-bounces at redhat.com
> > >[mailto:redhat-list-bounces at redhat.com] On Behalf Of debu
> > >Sent: Friday, February 23, 2007 12:49 PM
> > >To: John O'Loughlin
> > >Cc: General Red Hat Linux discussion list
> > >Subject: Re: Re: ssh with tcp_wrappers!! contd/-
> > >
> > >
> > >Thanks a lot john, for quick response, :)
> > >
> > >yeah..got it its not there.
> > >
> > >Now how do i go about that, its a running server. i dun want to compile
> > >ssh again!!
> > >
> > >
> > >--d e b u
> > >
> > >On Fri, 23 Feb 2007 John O'Loughlin wrote :
> > >>
> > >>ldd /usr/sbin/sshd
> > >>
> > >>look for libwrap.so
> > >>
> > >>John
> > >>
> > >>On Fri, 23 Feb 2007, debu wrote:
> > >>
> > >>>
> > >>  Dear all,
> > >>
> > >>    How can i make sure that my ssh is compiled with tcp_wrappers?
> > >>
> > >>    Contd/-
> > >>
> > >>  --debu
> > >>>--
> > >>>redhat-list mailing list
> > >>>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > >>>https://www.redhat.com/mailman/listinfo/redhat-list
> > >>>
> > >
> > >--
> > >redhat-list mailing list
> > >unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
> > >https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > >Confidentiality Notice:
> > >The information contained in this electronic message is intended for the
> > >exclusive use of the individual or entity named above and may contain
> > >privileged or confidential information.  If the reader of this message is
> > >not the intended recipient or the employee or agent responsible to deliver
> > >it to the intended recipient, you are hereby notified that dissemination,
> > >distribution or copying of this information is prohibited.  If you have
> > >received this communication in error, please notify the sender immediately
> > >by telephone and destroy the copies you received.
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
>
>--
>David Bear
>phone: 	602-496-0424
>fax: 	602-496-0955
>College of Public Programs/ASU
>University Center Rm 622
>411 N Central
>Phoenix, AZ 85007-0685
>  "Beware the IP portfolio, everyone will be suspect of trespassing"
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list



More information about the redhat-list mailing list